6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @anthonyroussel Activity log
- Created automatic suggestion
- @anthonyroussel dismissed
Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
References
- https://access.redhat.com/security/cve/CVE-2025-9908 x_refsource_REDHAT vdb-entry
- RHBZ#2392835 issue-tracking x_refsource_REDHAT
- RHSA-2025:19201 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23069 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23131 x_refsource_REDHAT vendor-advisory
Affected products
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.ansible-lint
Best practices checker for Ansible
pkgs.ansible-builder
Ansible execution environment builder
pkgs.ansible-navigator
Text-based user interface (TUI) for Ansible
pkgs.python312Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python313Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python314Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python312Packages.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.python313Packages.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.python314Packages.molecule
Aids in the development and testing of Ansible roles
pkgs.python312Packages.ansible-builder
Ansible execution environment builder
pkgs.python313Packages.ansible-builder
Ansible execution environment builder
pkgs.python314Packages.ansible-builder
Ansible execution environment builder
pkgs.python312Packages.molecule-plugins
Collection on molecule plugins
pkgs.python313Packages.molecule-plugins
Collection on molecule plugins
pkgs.python314Packages.molecule-plugins
Collection on molecule plugins
Package maintainers
-
@Melkor333 Samuel Ruprecht <samuel@ton-kunst.ch>
-
@sengaya Thilo Uttendorfer <tlo@sengaya.de>
-
@HarisDotParis Haris <git@haris.paris>
-
@robsliwi Robert Sliwinski <r@sliwi.org>
-
@dawidd6 Dawid Dziurla <dawidd0811@gmail.com>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@vinetos vinetos <contact+git@vinetos.fr>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>